BalCCon2k24

Ali

Ali is a security researcher with over a decade of experience working in tech fields. Currently, he is application security lead at Canon EMEA. Ali is a regular speaker or trainer at industry conferences and events such as: Confidence Conf 2020 , Hack In The Box 2023 AMS, DefCon 3x, IEEE AI-ML-Workshop-2021, SSD TyphoonCon 2x, c0c0n, BSides Toronto, Budapest, Calgary, Newcastle, Barcelona, OWASP Ottawa chapter, LeHack2022, NoNameCon, YASCon, COUNTERMEASURE Conference, DragonCon, COSAC 2022, Hacktivity, DefCon Holland, etc. Moreover, he was a trainer at OWASP Summer of Security 2020, 2021 July training, and reviewer for Springer Cluster Computing Journal as well as the 2021 Global AppSec U.S. event.

  • Dev Ally, Zero-Days Foe
Brian

Professional shitty prototype builder

  • Darknet Data Deluge: A Script Kiddie's Guide to Efficient Leak Analysis
cluosh

Currently a PhD student at the University of Vienna, working together with the Industrial, Systems and IoT-Security group at SBA-Research. Previously worked several years as a software engineer in the field of mechanical simulation. Main interests are software reverse engineering and graphics programming.

  • Hacker Jeopardy
  • Here be Dragons: Ghidra Decompiler API Adventures
CryptoLek

CitySecs Finland, Volunteering at DisObey conference, Dad of twin rascals

  • A brief look at all things infostealers
Diogo

Diogo Lemos is an Application Security Engineer with extensive experience in developing and managing security solutions. His professional journey began at Checkmarx, where he built security products, and subsequently advanced to Flutter Entertainment. At Flutter, Diogo not only implemented these products but also gained the freedom to develop and tailor them to meet specific organizational needs. His expertise includes automating security processes, optimizing scanning programs, and spearheading cloud security initiatives. Diogo is also an active contributor to various open-source security projects and has a solid record of speaking at industry conferences, including talks on SAST and SCA solutions at Flutter and other venues.

  • Building vs. Buying – A Tale of Developing an In-House SCA Tool
Dokac

I try to keep the volunteers organized at the event. You might also know me as Mima and I’m a part of the Balccon orga

  • Fast typing competition
Erethon / Dionysis Grigoropoulos

SRE by trade, but my interests lie in security, decentralization, radio communications and hardware hacking.

FOSS contributor to various projects, blog available at https://blog.erethon.com/, part of https://libreops.cc/about/

  • Around the RF world in 60 minutes
Fábio Pinto

I'm an Information Security Engineer at Flutter UKI&I, where I focus on keeping our systems and applications secure. I have a background in Computer and Network Security, with a Bachelor's degree in the field, and over the years, I've gained experience across different sectors working to protect IT infrastructures.

At Flutter, my role involves identifying and mitigating security risks related to applications and systems. I work with tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) to find vulnerabilities and ensure that our software is developed and deployed securely.

A big part of my work also involves automating security controls, which helps make our processes more efficient. I regularly use tools like Cloudflare to secure our cloud architectures and web applications, putting in place strong protection mechanisms that make a real difference in our overall security posture.

I also have a solid understanding of ElasticSearch, Kibana, and Grafana, which I use to analyze and visualize security data. This helps me and my team make more informed decisions. Plus, I use Python for automating workflows, making our security operations smoother and more effective.

Beyond my day-to-day role, I enjoy contributing to the open-source community. I've been involved with Surface-Security, where I collaborate with other security pros on projects that improve vulnerability detection and system protection.

Cybersecurity is a constantly evolving field, and I'm passionate about staying up-to-date with the latest developments. I'm always learning and finding ways to expand my knowledge and skills.

  • Building vs. Buying – A Tale of Developing an In-House SCA Tool
fladnaG (Max)

Security Architect at myDid and independent auditor/pentester/teacher in France.

  • Protecting web applications with FOSS
Georg

Security & Stuff.

  • Hacker Jeopardy
Goran

Goran Mahovlić (electronics tech) worked for years in repair shop for informatics and bank equipment. Moved on to a developer for low power wireless technologies (LoRA/nbIOT) and measuring systems. Currently self employed in Intergalaktik d.o.o. working on opensource HW solutions, mostly FPGA boards. With constant urge to take apart any device within reach and find out it’s secrets, Goran is equally successful at hardware and software hacking, from cheap products, up cycling old tech, to serious work in technology and microprocessor development. He is a tech coordinator at Radiona. In past, Goran led a number of accomplished workshop and presentations, regular member of Radiona projects and exhibitions, lead and founder of Radiona SmartZG network. Among his work is founding the Lemilica.com portal, for which he writes.

  • EMI/EMC pre-compliance on cheap
  • Reversing and repurposing resin 3D printer
Hetti

TBA

  • Hacker Jeopardy
Igor Brkić

Igor Brkić is software and hardware engineer covering areas from the custom hardware and firmware development to the system and web development. He is also one of the founders of the Radiona Zagreb makerspace.

  • Jellyfish Open Power Profiler
  • Reversing and repurposing resin 3D printer
Jani Kovacs

Jani (Janos Kovacs) spent his whole career in the automotive industry. Started as a test engineer at the production lines, then switching for the software development domain verifying and validating the functional safety and (at that time) premature cybersecurity layer of the product portfolio of his employers.
From 2019 he dedicated himself to the newborn field of the automotive cybersecurity. He took a key part in the establishment of the Cyber Security Management System of several OEMs and Tier1s. Beside the GRC related activities, he is also a practicing risk analyst, who developed frameworks for automotive cybersecurity risk assessment, and undertaken the cyber risk analysis of both ECUs and more abstract vehicle functions.
For public speaking and teaching is one of his hobbies, he is also a guest professor at Obuda University, Budapest, where he teaches a course about Embedded Cybersecurity.

  • Digital Twins - Solving a puzzle for fleet management
Jovan Savković
  • Fast typing competition
Kat Fitzgerad

Kat Fitzgerald has many years in Security, with an emphasis on Blue Teams, (former Purple), DevSecOps, IR.

Based in Chicago and a natural creature of winter, you can typically find her sipping Casa Noblé Añejo whilst simultaneously defending systems using OSS, magic spells and Dancing Flamingos.

Honeypots, Refrigerators (WiFi enabled of course) and IoT (Internet of Threats) are a few of her favorite things!

  • Threat Modeling is an art, let's make you an artist!
Kirils Solovjovs

Kirils Solovjovs is an IT policy activist, bug bounty hunter, and the most visible white-hat hacker in Latvia having discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance. He has extensive experience in social engineering, penetration testing, network flow analysis, reverse engineering, and the legal dimension.

He has developed the jailbreak tool for Mikrotik RouterOS, as well as created e-Saeima, helping the Latvian Parliament become the first parliament in the world that is prepared for a fully remote legislative process. Kirils currently works as a research assistant in Institute of Electronics in Computer Science and as a member of the board in IT security company "Possible Security".

  • Remotely snooping on traffic patterns using network protocols
  • Security Impress Karaoke
kost

Kost serves as the CTO at Diverto, boasting over two decades of dedicated experience in the realms of information security and cybersecurity. His diverse roles over the years, gave him experience in setting up information security program to technical deep down of bit flipping. Regardless of the position, the overarching goal remains consistent: assisting clients in attaining their desired levels of security.

Vlatko finds joy in both breaking and building security controls. Beyond his commitment to security, he harbors a deep passion for open and free software. This passion has manifested in the creation of numerous popular open-source offensive tools and contributions to various renowned free security software projects.

Throughout his extensive career and in his continuous pursuit of knowledge, Vlatko has acquired a long array of certifications, including CISSP, OSCP, CISM, and many more.

  • Hardware made Shadow
Lennert Preuth

Lennert Preuth is a self-employed penetration tester with focus on source code reviews. Besides taking care of complex customer engagements, he does research and responsible disclosure. Additionally, he holds a IT-Security master from FH Technikum Vienna and has interest in bug bounty and live hacking events. He is a holder of several IT security certificates and has already published multiple security advisories and blog posts.

  • It’s Only Light, Right? Hacking the Shadows of Govee
leyrer

Leyrer - rants, Linux, command lines, old computer systems, IT fails, bad puns and lot's of sarcasm. If you ask a question at one of my talks, Manner might be in your future.

  • Modern Command Line Tools - We Are Getting "Rusty"
M. Selim Karahan

Selim is an experienced Offensive Security Engineer with over a decade of expertise in red teaming and penetration testing for Fortune 500 companies. He specializes in simulating advanced persistent threats and identifying vulnerabilities to improve organizational security. He holds certifications including OSCP, OSEP, and CISSP, and tries to be an active contributor to the cybersecurity community. He is dedicated to advancing his skills and staying current with the latest trends in cyber threats and defenses

  • Don't ask me how I spent my first €300, I can explain the rest
MacLemon

Friendly human. You're encouraged to say hi and have a chit-chat around the conference!

Likes to do strange things with Macs and BSD. Also doing IT-stuff, automation, operations, and 3D-printing. During Karaoke night usually found behind a microphone.

  • A Karaoke night to remember
  • Fonts and Typography: How do they work?
Marc Rivero Lopez

Marc is a distinguished intelligence expert and an accomplished professional in reverse engineering, a combination that gives him an exceptionally versatile and valuable profile. His career is characterized by deep academic training and extensive practical experience in the field of intelligence, which has enabled him to capture and maintain the interest of audiences at numerous conferences both nationally and internationally.

In his crucial role within CERT/CSIRT teams at leading financial institutions, Marc has distinguished himself as the Head of Research. His solid background in intelligence has been a key asset in this context, proving to be an invaluable resource in identifying, analyzing, and solving complex security challenges.

His reputation as an expert in the field has made him a sought-after reference for his extensive knowledge, particularly in critical areas such as fraud, cybercrime, and targeted attacks. His leadership has been fundamental in the development of numerous research initiatives, which have significantly contributed to the advancement of knowledge in these areas.

In addition to his professional success, Marc stands out as a passionate and committed educator. He currently serves as the coordinator of the Master's program in Computer Security at La Salle Barcelona, where his innovative approach and exceptional skills continue to have a positive impact on the training of the next generation of professionals in the fields of intelligence and security.

  • Dr. Jekyll and Mr. Hyde - The 2 sides of an incident
Max Keasley

Max is a Security Consultant working at WithSecure with a speciality in Microsoft and macOS ecosystems. He has 4 years of security experience with an interest in reverse engineering, operating system internals and low-level security.

  • Taking the "B" Out of DBA -- An Unconventional Attack Path Against AD FS Through Database Administration
Miaou

I am passionate about software engineering and hacking, fascinated by all kinds of bypasses.
Finding a door that should be closed but was left open.
From the line of code to the blink of an LED.

I might also be into cryptography and/or maths in general!

  • Black j'Hack: the v-casino heist
Miloš Medić

An aspiring vulnerability researcher that specializes in binary exploitation and CTFs.

  • (glibc) Heap Exploitation
Niharika Singhal

Niharika is a lawyer with a diverse international experience in IT laws, data protection, intellectual property, FinTech & AI, having worked in India, UK, Spain, Germany & Estonia. She has worked as a legal counsel in one of the top tier international law firms as well as a judicial & academic researcher. She has been awarded professional fellowships in the internet governance space in the Asia Pacific region. At FSFE, she manages various European Commission funded projects & legal activities.

  • Ethics Based Openwashing in the AI Licensing Domain
Nikolay Sivko

Nikolay Sivko, Founder & CEO at Coroot, is on a mission to make production troubleshooting easier for developers everywhere. He's deeply enthusiastic about Site Reliability Engineering (SRE) practices, observability, and open source solutions. With over a decade of hands-on experience in the Observability field, Nikolay is a seasoned expert who brings practical insights to the table.

  • Zero-instrumentation observability based on eBPF
nip

I'm crazy about IT and smth around it

So, for about 10 years I'm taking part in several communities (like DCG, 2600, CTF) in different roles (org/ambassador/member/speaker) and made speech & stands on big confs on post-Soviet space

  • RFID going deeper, quest & tools
nm29

Regular person with many different hobbies.

  • BalCCon Amateur LockPicking Competition - BALC
Orga

test

  • Opening
  • BalCCon2k24 Badge
  • Rakija Leaks
  • Ligtning Talks
  • Closing ceremony
Pauline Bourmeau (Cookie)

Pauline is the founder of Cubessa. Human is at the center of her work. Her focus gravitates towards offensive cybersecurity, artificial intelligence, programming culture, cognition as well as the human element of cybersecurity. She has a diverse background with experience in various fields including linguistics, criminology, cybersecurity, computer engineering, and education. By blending together approaches from humanities and deep technical insight, she provides a unique lens on cyber threats and their evolution. Previously working as a Threat Analyst for the past few years, she provides these days AI developments and trainings, aiming to bridge the gap between human understanding and technology. She is also a French vice-champion para-climber and the founder of the DEFCON group Paris.

  • NLP deep-dive: Transformers for Text Mining and Generation in Cybersecurity
  • Intro to Natural Language Processing - text mining for cybersecurity
Petar

I have been involved in hackerspaces and cybersecurity for quite a while now. I also love physical security and lockpicking.

  • Beyond Lockpicking
Robert Simmons

Robert Simmons is Principal Malware Researcher at ReversingLabs. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others.

Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine.

  • Beginners Malware Analysis Workshop
  • Malware Analysis Topics: Build a Debugger
Sandra Bardón

Red team leader, pentester, researcher, lecturer and previously Blue teamer (DFIR and threat hunting). Sandra is an ITC engineer, GXPN, OSCE, OSCP, … with more than 16 years of experience in cyber security, leading different kind of projects like pentesting and exercises about Red teaming, Purple teaming, and Table-top. Always helping to many organisations like NATO CCDCOE, Spanish Joint Cyber Defence Command and currently in United Nations (UNICC). A real challenges lover!

  • Dr. Jekyll and Mr. Hyde - The 2 sides of an incident
Vanja Svajcer

Vanja Svajcer works as a Threat Researcher at Cisco Talos. Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He thinks time spent scraping telemetry data to find indicators of new attacks is well worth the effort. He presented his work at conferences such as BalCCon, FSec, Bsides, Virus Bulletin, RSA, CARO, AVAR and others.

  • Exploring malicious Windows drivers
Vladan Nikolic

Extracting CSO screams for fun and profit for many years. Regular resident of Monster city and rakija connoisseur.

  • OT and SCADA security
Wolfgang Hotwagner

Wolfgang Hotwagner is a research engineer in the Cyber Security Research Team at the Austrian Institute of Technology (AIT). He reported numerous security vulnerabilities in Open-Source projects and works on topics such as "Pentesting", "Log Anomaly Detection" and "Cyberrange".

  • AttackMate: A modern open-source tool for automating cyberattacks
Yuriy Arbitman

Data Science is about magic. If only data scientists believed it before the Generative AI revolution began with the explosion of ChatGPT, now everybody thinks so. I was lucky to be in the industry in the past 20+ years, first as a developer and researcher, then manager and more recently as a data scientist.
As a data scientist in Imperva, I apply magic to cybersecurity challenges. We use Large Language Models, logistic regression, clustering, and whatever it takes to protect the good guys from the bad ones. The former happen to be our customers.
I hold an M.Sc. in Computer Science from the Weizmann Institute in Israel.

  • The Future of Threat Mitigation: AI in the Battle Against Security Vulnerabilities
Zarko Zivanov

Alongside his regular job, Zarko is collecting, cleaning, fixing (mostly simpler stuff), programming and playing with 8-bit and 16-bit retro computers for more than 20 years. Come and meet in Retro Room!

  • Using TRSE for development for retro computers
Zoz

Zoz is a hacker, robotics engineer and pyrotechnician with broad interests in software, hardware and security applications. He has taught subjects including robotics, digital fabrication, cybersecurity and ethical hacking at top international universities and as a private industry consultant. He has hosted and appeared on numerous international television shows including Prototype This!, Time Warp and RoboNationTV, and speaks frequently at prominent security and hacking conferences including DEF CON, HackCon and BruCon. He believes that your digital data is part of your human right to privacy and is yours to secure or destroy at will.

  • Do Try This At Home: Practical Artisanal Pyrotechnics